Remarks 

This response is submitted in response to a Final Office Action mailed on 
October 17, 2007. Claims 12-15, 21-25, and 30-34 are withdrawn from 
consideration. Claims 1-3, 5-11, 16-20, 26-29, and 35-43 were pending at the time 
the Office Action was issued. Claim 17 is now canceled and claim 44 is newly 
added. Applicants hereby amend claims 1, 5, 7-8, 16, 18-19, 26, 28, 35, and 41. 
Claims 1-3, 5-11, 16, 18-20, 26-29, and 35-44 remain pending. 

In the interest of reducing the issues to be considered in this response, the 
following remarks focus principally on the patentability of independent claims 1, 
16, 26, 36, and 41. The patentability of each of the dependent claims is not 
necessarily separately addressed in detail. However, Applicants' decision not to 
discuss the differences between the cited art and each dependent claim should not 
be considered as an admission that Applicants concur with the conclusions set 
forth in the Office Action that these dependent claims are not patentable over the 
disclosure in the cited references. Similarly, Applicants' decision not to discuss 
differences between the prior art and every claim element, or every comment set 
forth in the Office Action, should not be considered as an admission that 
Applicants concur with the interpretation and assertions presented in the Office 
Action regarding those claims. Indeed, Applicants believe that all of the dependent 
claims patentably distinguish over the references cited. Moreover, a specific 
traverse of the rejection of each dependent claim is not required, since dependent 
claims are patentable for at least the same reasons as the independent claims from 
which the dependent claims ultimately depend. 
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I. Examiner Interview 

Applicants respectfully express their appreciation to Examiner Gelagay for 
the telephone interview held on November 6, 2007, during which the Examiner 
discussed the disposition of this case with the undersigned attorney. Specifically, 
the Examiner and the undersigned attorney discussed the rejections of claims 8-9 
and 28 under 35 U.S.C. §112, second paragraph. The undersigned attorney 
clarified to Examiner Gelagay that claims 1, 8, and 9 present four possible 
alternative scenarios with respect to the matching of the signatures and 
accessibility status. Accordingly, it is believed that agreement was reached with 
Examiner Gelagay that the claim 8 and 28, as amended in this Response, and 
claim 9, as previously presented, overcome the 35 U.S.C. §1 12 rejections. 

Further, the Examiner and the undersigned attorney also discussed the 
claims that have been identified as allowable in the Office action. 

II. Allowable Subject Matter 

The Office Action states that claims 5 and 16, as well as claims 6-7, 18-19 
and 43 depending therefrom, are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all 
the limitations of the base claim and any other intervening claims. During the 
telephone interview held on November 6, 2007, Examiner Gelagay clarified that 
claim 17, instead of claim 16, would be allowable if rewritten in independent form 
including all the limitations of the base claim and any other intervening claims. 
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III. Rejection Under 35 U.S.C. §112 

Claims 8-9 are rejected under 35 U.S.C. §112, Second Paragraph, as being 
indefinite. Applicants have amended claim 8 to recite "preventing the requested 
resource from execution" instead of "executing the requested resource." Further, 
as discussed above, Applicants have clarified that claim 9 further limits claim 1 as 
it presents an alternative scenario under which the requested resource may be 
prevented from execution. 

Claims 17 and 28 are rejected as lacking sufficient antecedent basis. 
Applicants have canceled claim 17. Additionally, it is believed that the 
amendment of claim 28 to recite "hash the sorted and stringed function names" 
instead of "hash the stringed function names" provides sufficient antecedent basis 
to overcome the 35 U.S.C. §112 rejection. Therefore, Applicants respectfully 
request reconsideration and withdrawal of these rejections. 

IV. Rejections Under 35 U.S.C. 8 103 

Claims 1-3, 8-11, 16, 20, 26-28, and 35-42 are rejected under 35 U.S.C. § 
103(a) as being unpatentable over U.S. Patent 6,188,885 to Garst et al. (hereinafter 
"Garst") in view of U.S. Patent 6,629,154 to Jones et al. (hereinafter "Jones") and 
U.S. Patent 6,026,235 to Shaughnessy et al. (hereinafter "Shaghnessy"). 
Respectfully, Applicants submit that the claims are allowable over the cited 
references for at least the reasons explained in detail below. 

Claims 1-3 and 8-11 

Claims 2-3 and 8-11 depend from Claim 1. Claim 1 recites: 
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1. A method for managing access to resources, 



comprising: 

generating a list of resource signatures, each of the 
resource signatures being generated based at least on a 
plurality of function names included in an import table 
of a corresponding resource; 

accessing the list of resource signatures, each of the 
resource signatures configured with an accessibility 
status, wherein the accessibility status includes one of 
loadable and restricted; 

generating a verification signature for a requested 
resource, the verification signature being generated 
based at least on a plurality of function names included 
in an import table of the requested resource; 

comparing the verification signature for the requested 
resource to the list of resource signatures; 

executing the requested resource if the resource signature 
matches the verification signature and the accessibility 
status is loadable; and 

preventing the requested resource from execution if the 
resource signature matches the verification signature 
and the accessibility status is restricted. 



Applicants respectfully assert that Garst does not teach or suggest every 
aspect of claim 1. First, as noted by the Examiner, Garst does not teach or suggest, 
"generating a list of resource signatures, each of the resource signatures being 
generated based at least on a plurality of function names included in an import 
table of a corresponding resource," as recited in claim 1. (Emphasis added). 
(Office Action, Pages 4-5, Paragraph 3, Lines 12-14). 

Moreover, the deficiency of Garst with respect to this element of claim 1 is 
not remedied by Jones. Instead, Jones discloses creating a hash value by "applying 
a hash function to the method string name and the parameter type list." (Column 5, 
Lines 39-41). Even assume, in arugendo, that a "method string name" is 
equivalent to a "function name", Jones nevertheless discloses the creation of a 
signature by applying a hash to a single "method string name" and "a parameter 
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type list," rather than creating a signature based on "a plurality of function 
names." (Emphasis added). 

Further support for the fact that Jones' signature creation process is based 
on a single "method string name" and a "parameter type list" is found in the 
following disclosure of Jones (Column 9, Lines 28-31): 

"In one implementation, hash value 308 is a hash value resulting 
from applying a standard hash function to the combination of the 
method name and parameter type list 318 of the remote method 316, 
as follows: 

Hash (Method Name, Parameter Type List)" (Emphasis Added). 

Moreover, "Parameter Type List" is not equivalent to a function. As further 
disclosed by Jones, "Parameter Type List" denotes a type for an argument. 
Specifically, Jones disclosed that a user would enter "John" as an argument for a 
parameter "String" in Hash (lookupPhone, String) to lookup the phone number for 
a person with the string name "John". (Column 10, Lines 44-54). 

Accordingly, Jones also fails teach or suggest "generating a list of resource 
signatures, each of the resource signatures being generated based at least on a 
plurality of function names included in an import table of a corresponding 
resource," as recited in claim 1. (Emphasis added). Additionally, the disclosures 
of Shaughnessy are related to import tables. However, Shaughnessy is silent with 
respect to the generation of signatures from function names. Thus, Shaughnessy 
also does not remedy the deficiency of Garst with respect to this element of claim 
1. 

Second, for the same reasons, the cited references also do not teach or 
suggest, "the verification signature being generated based at least on a plurality of 
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function names included in an import table of the requested resource." (Emphasis 
added). 

Thus, for at least the above reasons, the cited references (Garst, 
Shaughnessy, and Jones), whether individually or in combination, do not disclose, 
teach, or fairly suggest the method recited in claim 1. Since claims 2-5 depend 
from claim 1, they are allowable over the cited references at least due to their 
dependency, as well as due to additional limitations recited. 

Specifically, claim 3 is further allowable over the cited references. Claim 3 

recites: 

3. A method according to Claim 1, wherein each of the 
resource signature is generated based further on one or more 
dynamic link library (DLL) names, and wherein the 
verification signature is generated based further on one or more 
dynamic link library (DLL) names. 

As noted by the Examiner, Garst discloses that a digital signature may be 
created for enforcing a software license of a "software resource" that includes a 
dynamic link library. (Column 5, 1-65; Office Action, Page 5, Paragraph 3, Lines 
1-4). However, the use of a digital signature to protect a software resource that 
includes a dynamic link library, as disclosed by Garst, does not teach the 
generation of digital signatures based on the name of the dynamic link library. 

Accordingly, Garst does not teach or suggest, "each of the resource 
signature is generated based further on one or more dynamic link library (DLL) 
names" and "the verification signature is generated based further on one or more 
dynamic link library (DLL) names," as recited in claim 5. (Emphasis added). 
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Moreover, the deficiencies of Garst are not remedied by Shaughnessy and 
Jones. Jones and Shaughnessy are each silent with respect to the generation of a 
resource signature based on dynamic link library names. Thus, for at least the 
above reasons, claim 3 is further allowable over the cited references to Garst, 
Shaughnessy, and Jones. 



Claims 16 and 20 

Claim 20 depends from claim 16. Claim 16, as amended, recites: 

16. A method of restricting particular applications, 
comprising: 

receiving a list of application fingerprints corresponding 

respectively to restricted applications; 
receiving a request to execute an application; 
generating a confirmation fingerprint for the requested 

application, wherein generating the fingerprint 

includes: 

retrieving a plurality of names from an import 
table, wherein the plurality of names include 
function names; 

sorting the retrieved names; 

concatenating the sorted names in a predetermined 

manner; and 
hashing the concatenated names; 
comparing the confirmation fingerprint to the list of 

application fingerprints; and 
restricting the requested application if the confirmation 
fingerprint matches one of the application fingerprints 
respectively corresponding to restricted applications. 
(Emphasis added). 

Applicants respectfully assert that the cited references (Garst, Shaughnessy, 
and Jones), whether individually or in combination, do not disclose, teach or fairly 
suggest every aspect of claim 1. 

As stated in the Office Action (and clarified by the Examiner during the 
telephone interview), claim 17 "would be allowable if rewritten in independent 
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form including all of the limitations of the base claim and any intervening claims." 
Accordingly, without further comment or prejudice as to the merits of the 
Examiner's rejection, Applicants hereby incorporate the emphasized limitation of 
claim 16, as recited above, from claim 17 into claim 16. Therefore, Applicants 
respectfully request reconsideration and withdrawal of the rejection to claim 16. 

Therefore, since claim 20 depends from claim 16, it is allowable over the 
cited references at least due to its dependency on an allowable base claim. 



Claims 26-28 

Claims 27-28 depend from Claim 26. Claim 26, as amended, recites: 

26. An apparatus, comprising: 

an interface to receive a request for a running state of an 
application; 

an application identifier to generate an application digital 
signature for the application based at least on a 
plurality of function names included in an import table 
of the application; 

an application manager to match the application digital 
signature against a list of stored digital signatures 
indicating whether corresponding applications are 
eligible or ineligible for a running state; and 

an enabler to enable the running state for the application if 
the application digital signature is not matched to a 
stored digital signature indicating that the application 
is ineligible. (Emphasis added). 

Applicants respectfully assert that the cited references do not teach or 
suggest every aspect of claim 26. Specifically, Applicants incorporate the 
reasoning presented above in response to the rejection of claim 1 under 35 U.S.C. 
§ 103(a). Accordingly, Applicants respectfully assert that the cited references 
(Garst, Shaughnessy, and Jones) do not disclose, teach or fairly suggest, whether 
individually or in combination, "an application identifier to generate an 
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application digital signature for the application based at least on a plurality of 
function names included in an import table of the application." (Emphasis added). 

Moreover, since claims 27-28 depend from claim 26, they are allowable 
over the cited references at least due to their dependency on an allowable base 
claim. 



Claims 35-40 

Claims 36-40 depend from claim 35. Claim 35, as amended, recites: 

35. A computer-accessible storage medium having an 
application programming interface (API), the API having one 
or more instructions to cause one or more processors to: 
receive a request to run a program; 

generate a digital signature for the program based at least 

on a plurality of function names included in an import 

table of the program; 
compare the generated digital signature against a 

compilation of digital signatures corresponding to 

restricted programs; and 
enable only those programs for which the signature does 

not match with any of the compiled signatures. 

(Emphasis added). 

Applicants respectfully assert that the cited references do not teach or 
suggest every aspect of claim 35. Specifically, Applicants incorporate the 
reasoning presented above in response to the rejection of claim 1 under 35 U.S.C. 
§ 103(a). Accordingly, Applicants first respectfully assert that the cited references 
(Garst, Shaughnessy, and Jones) do not disclose, teach or fairly suggest, whether 
individually or in combination, "generate a digital signature for the program based 
at least on a plurality of function names included in an import table of the 
program." (Emphasis added). 
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Moreover, since claims 36-40 depend from claim35, they are allowable 
over the cited references at least due to their dependency on an allowable base 
claim. 



Claims 41-42 

Claims 41, as amended, recites: 

41. A license enforcement method, comprising: 

generating a digital signature for each of a plurality of 
applications based at least on a plurality of function 
names included in an import table of each application; 
classifying each of the digital signatures in accordance 
with a licensing status for the corresponding 
applications; 
coding an operating system to: 

include the classified digital signatures, 
generate a digital signature for a requested 
application based at least on a plurality of 
function names included in an import table of 
the requested application, 
compare the digital signature for the requested application 

to the classified digital signatures, and 
run the requested application when the digital signature 
for the requested application does not map to digital 
signature classified as not being licensed. (Emphasis 
added). 

Applicants respectfully assert that the cited references not teach or suggest 
every aspect of claim 41. Specifically, Applicants incorporate the reasoning 
presented above in response to the rejection of claim 1 under 35 U.S.C. § 103(a). 
Accordingly, Applicants first respectfully assert that the cited references (Garst, 
Shaughnessy, and Jones) do not disclose, teach or fairly suggest, whether 
individually or in combination, "generating a digital signature for each of a 
plurality of applications based at least on a plurality of function names included in 
an import table of each application," and "generate a digital signature for a 
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requested application based at least on a plurality of function names included in 
an import table of the requested application." (Emphasis added). 

Moreover, since claim 42 depends from claim 41, it is allowable over the 
cited reference at least due to its dependency on an allowable base claim. 

Claim 29 

Claim 29 is rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Garst in view of Jones, Shaughnessy, and U.S. Patent 5,892,904 to Atkinson et al. 
(hereinafter "Atkinson"). Respectfully, Applicants submit that Claim 29 is 
allowable over the cited references for at least the reasons explained in detail 
below. 

Claim 29 depends from claim 26. Claim 26 has been amended to include 
the recitation of, "an application identifier to generate an application digital 
signature for the application based at least on a plurality of function names 
included in an import table of the application." (Emphasis added). Therefore, 
Applicants rely on similar reasoning as presented above regarding claim 1 and 
respectfully assert that the cited references (Garst, Shaughnessy, and Jones), 
whether individually or in combination, do not disclose, teach or fairly suggest this 
element of claim 26. 

Moreover, the deficiencies of Garst are also not remedied by Atkinson. 
Atkinson's disclosures are related to an MD5 hash algorithm. (Column 20, Lines 
1-10). However, Atkinson is silent with respect to the generation of signatures 
from function names. Accordingly, claim 26 is allowable over the cited references. 

Moreover, since claim 29 depends from claim 26, it is allowable over the 
cited references at least due to its dependency on an allowable base claim. 
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V. New Claim 
Claim 44 is newly added. Claim 44 depends from and applies additional 
limitations to claim 40. Accordingly, claim 40 is allowable at least due to its 
dependency on an allowable base claim. 



Conclusion 

Applicants respectfully submit that claims 1-3, 5-11, 16, 18-20, 26-29, and 
35-44 are in condition for allowance. Applicants respectfully request entry of the 
amendments, as well as consideration and prompt allowance of the claims. If any 
issue remains unresolved that would prevent allowance of this case, the Examiner 
is requested to contact the undersigned attorney to resolve the issue. 



Respectfully Submitted, 



Dated: /2~//^7 By: 9t£- 

Elliott Y. Chen 

Reg. No. 58,293 

Lee & Hayes, PLLC 

421 W. Riverside Ave, Suite 500 

Spokane, WA 99201 

Phone: (206)315-4001x104 

or (206)315-7914 

Fax: (206)315-4004 
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